L.
Taylor
-
June 20, 2000
Event
Summary
Don't you hate it when your hard drives containing top-secret Nuclear
Secrets disappear? Another security compromise occurred at Los
Alamos National Laboratories last month when two hard drives containing
top-secret nuclear information disappeared from a 10 x 20 foot vault.
The compromise occurred in the "X-Division" where nuclear weapons are
designed. Funded by the U.S. Department of Energy, Los Alamos is one of
28 Department of Energy Laboratories within the United States. With an
annual budget of $1.2million, and over 9,000 staff, Los Alamos is the
largest employer in Northern New Mexico.
For
more than 50 years, Los Alamos National Laboratory's primary mission has
been to apply science and technology to problems of national security.
According to Los Alamos Director John C. Browne, reducing global nuclear
danger is one of the laboratory's focus areas. The Department of Energy
Secretary, Bill Richardson, was roasted by Senate Republications when
he failed to appear at a joint hearing of the Senate Intelligence and
Energy committees.
Los
Alamos National Laboratory was founded in the midst of WWII as a response
to the fear that Adolf Hitler would make nefarious use of the Nazi German
discovery of fission which occurred in 1938. In March of 1943, a small
group of scientists, whose mission was to find a way to end WWII, started
collaborating at the Ranch School for Boys in Los Alamos, New Mexico.
Figure
1. Fuller Lodge, Ranch School for Boys
Market
Impact
The potential impact as a result of this compromise of National Security
is enormous. According to Dr. Browne, the system for accounting for users
of secret documents was ended in 1993. Dr. Browne verified that the hard
drives contained a variety of U.S. and foreign nuclear weapon designs,
and conceded that there was no audit trail of who might have used them
last. Though the hard drives disappeared sometime before May 7, Dr. Browne
first learned of the compromise on May 31st.
Figure
2. John C. Browne, Director of Los Alamos National Laboratory
DOE
secretary Richardson is calling for disciplinary action and accountability.
So far, six employees of Los Alamos have been relieved of their duties.
Using lie detector tests, the FBI is investigating an elite team of nuclear-weapons
scientists and engineers to help determine why and how the two hard drives
disappeared.
In
April the computer network at the DOE's headquarters was audited for security
vulnerabilities. The audit revealed numerous network weaknesses, the ability
to be penetrated, and that even the security of closely guarded systems
was vulnerable to compromise. The department's director of security and
emergency, Eugene Habigier has blamed Congress for not giving the department
the extra $28million it requested last year. In 1998, an audit of DOE
networks discovered hundreds of sensitive agency information files available
from the Internet.
In
1998, Los Alamos began a program called the Threat Reduction Directorate
(TRD). TRD was supposed to respond to and head-off threats posed by nuclear,
biological, and chemical weapons of mass destruction.
In
a presentation made by the DOE Safeguard systems Group earlier this year,
it was documented that both "outsiders" and "insiders" remained a threat.
Recommendations
It is apparent that Los Alamos National Laboratories is no longer capable
of carrying out their mission to enhance the security of nuclear weapons
and nuclear materials worldwide. This laboratory, which had been originally
commissioned to preserve the earth through advancements in science and
technology, may in fact be unknowingly sabotaging their own mission. Had
proper due diligence been taken, the loss of two hard drives would not
pose that much of a threat if the information had been appropriately encrypted.
The
security mistakes that are being made at Los Alamos are sloppy and unacceptable.
Directors of Federal Agencies need to start being held accountable for
National Security, or suffer extensive consequences -loss of funding,
loss of employment, and possible criminal investigations.
Figure
3. The mission of enhancing Global Nuclear Security at Los Alamos
has backfired.
Demystifying SAP Solution Manager | Cloud Assets: A Guide for SMBs—Part 3 | I Want My Private Cloud | The Sum of All Malware Fears: Siemens on Stuxnet | Managing the Overflow of E-mails | Security Risk Assessment and Management in Web Application Security | Are You Adequately Protecting Your IT Infrastructure Components Inside the Firewall? | Enterprise Resource Planning Giants Eye the Shop Floor | Who Else is Using Your Wireless Network? | Information Security Firewalls Market Report
Part Two: Current Market Trends and User Recommendations | Information Security Firewalls Market Report
Part One: Market Overview and Technology Background | Automated Enterprise: Many High-ROI Opportunities | Secure Transfers of Large Files Over the Internet Using YouSendIt | Fed Warms Up to ERP Spending, but Will Contractors and Their ERP Vendors Comply?
Part Two: Challenges and User Recommendations | Feds Warms Up to ERP Spending, but Will Contractors and Their ERP Vendors Comply?
Part One: Event Summary and Market Impact |
Product Review: GFI's LANguard Network Security Scanner | The Best ACT! Is Still to Come | HIPAA-Watch for Security Speeds Up Compliance
Part Two: Phase III and IV, and Product and User Recommendations | HIPAA-Watch for Security Speeds Up Compliance
Part One: Vendor and Product Information | EAM Versus CMMS: What's Right for Your Company? Part One | Using PKI to Protect Your Business Information | The CyberAngel: Laptop Recovery and File Encryption All-in-One | Evaluating Enterprise Software-Business Process or Feature/Function-Based Approach? All the above, Perhaps?
Part Three: Knowledge Bases and User Recommendations | InsideOut Firewall Reporter Unravels the Mysteries of Your Firewall Logs | The Future of Secure Remote Password (SRP)
Part Two: Overcoming Obstacles to Success | The Future of Secure Remote Password (SRP) | Integrated Security: A New Network Approach
Part Two: The Shift Toward Integration | Integrated Security: A New Network Approach | Vendor Analysis: Kaspersky Anti-Virus Products Examined | 6 Immediate Business Improvements Offered by an Online SRM System:
Part 3: Other Points to Consider | Legacy Single Sign-On: Novell, Evidian, IBM, PassGo, or Computer Associates? | Fourth Shift's evolution Within SoftBrands' DemandStream | OKENA Brews Up a StormSystem that Secures All Applications | Incident Handling and Response Capability: An IT Security Safeguard
Part 2: Establishing the Capability | Incident Handling and Response Capability: An IT Security Safeguard
Part 1: Are You Ready to Support an Incident Response Capability? | Outsourcing Security
Part 3: Selecting a Managed Security Services Provider | Outsourcing Security
Part 2: Measuring the Cost | Outsourcing Security
Part 1: Noting the Benefits | Vendor Review: SecureWave Protects Microsoft Operating System Platforms | Thanks to a Smart Little Company called Lexias, CIOs Can Now Empower their Users to Assist in eBusiness Security | Feds Buckle Down on Customer Information Security | Identix Leads Biometric Authentication | Bootcamp for the Pros; Why Ernst & Young Will Lead Security Auditing Standards | Vendor Analysis: Interliant's Security Vulnerability Assessment | OKENA Pioneers Next-Generation Intrusion Prevention | Social Engineering Can Thwart the Best Laid Security Plans | Application Single-Sign On: Netegrity, Securant, or Evidian? | Lost Your Laptop? The CyberAngel® Brings It Back | InsideOut Makes Firewall Reporting Useful | The SOAP Opera Progresses - Helping XML to Rule the World | Talarian and NextSet Team for B2B Solutions | Tempest Creates a Secure Teapot | E*Trade Ignores Private Security Warning, But Public Hullaballoo Gets Response | My Network Engineers are Talking about Implementing Split DNS. What Does that Mean? | Human-Machine Interaction Company Ramps Up Firewall Product Line | Security Information Market Heading for Growth | Alibris Charged with Intercepting Email | Cart32 in Need of Duct Tape | Deutsche Telekom to Acquire VoiceStream Wireless | Study Shows: FBI Alienates Industry Security Experts | Firewall Cowboyz Set the Stage to Free Innocent Convict | Symantec Swallows AXENT; Takes on Network Associates | Novatel Wireless and Diversinet Team Up to Provide Security for Wireless Modems | Windows 2000 Bug Fixes Posted | Baltimore Technologies Doubles Revenues, Offers World-Class PKI Hosting | The Whys and Hows of a Security Vulnerability Assessment | Earthlink Leads the Way in DSL Security | PKI and Biometrics Ready for Take-Off | Secure Transport of EDI and XML for Trading Exchanges | Can You Trust Entrust? | Standard & Poor's Announces Security Certification | Check Point Leads Firewall Market | Fighting Cybercrime on the Internet | NetWare for Small Business – NetWhy? | Let Your Hard Drives Tell You Where they Are! | E&Y Spins-Off eSecurity Online and Unveils Security Vulnerability Assessment Services | With Record Revenues, AXENT Puts Down a Solid Fist | NAI Will Pay Trend $12.5 Million Resulting from Law Suit | Sub7 Tells Chat Rooms All Your Stuff; F-Secure Leads the Battle | E-Cash Rollout Replaces Amex | GSA Schedule Partnership Gets Network-1 in the Door | Standard & Poor's Exposes Customers' Security | The AS/400 Takes You Securely Where You Want to Go | Trend Micro Steps into PDA/Wireless AntiVirus Information Market | CryptoSwift Takes Rainbow Revenues Up 620% | Smart Shoppers Go Abroad for Affordable Information Security Programs | Anti-Virus Advisories: Rating Them | The 7 Habits of Highly Effective Security | Fischer’s Prio! SecureSync ~ A Solution to Enterprise Directory Chaos | Abandon All Insecurity, Ye Who Enter Here | Top 10 Excuses For Not Securing Your Website or Network | Ernst & Young Leads Big 5 in Security | 6 Days After Advisory Posted, AboveNet Gets Hit | A Firewall is Cheaper Than a Lawyer | Fixing Security Backdoors:
Red Hat 1, Microsoft 0 | WAP Forum Specifies RSA’s RC5 Encryption For Wireless | Netpliance Responds Quickly to Hardware Hack | Security Stocks Burn Rubber | DSL Provider Scoops up Netscreen Firewall Goldmine | Cyclone Untangles Digital Partnerships | Security Begins on Your Desktop | Network Associates Hopes to Rekindle the Flame | Hacker Publication Gets Top Defense Attorney | Saudi Arabian Network Security Provokes Local Considerations | Gosh, There’s a Bug in Windows 98 | Robust Systems are Built from the Bottom Up | DOJ Keeps Low Profile on Curador; Protect Your IIS Server Today! | Security Breach: Now What? | Sendmail, Inc. and Disappearing, Inc. Team Up to Add Enhanced Security | Is Your Financial Transaction Secure? | Compaq, HP, IBM, Intel and Microsoft Create New PC Security Alliance | Expect Boom in Electronic Signatures | Secure Your Search Engine | President Proposes Security of Medical Records | Sendmail Takes Security to the Next Level with Version 3.0 for NT | CheckPoint & Nokia Team Up to Unleash a Rockin' Security Appliance | Trend Micro Anti-Virus Server for Microsoft Exchange ~ A Secure Choice For Enterprise Wide Anti Virus Protection. | Security Snafu at NetBank | Freeware Vendor's Web Tracking Draws Curses | The "S" in SAP Doesn't Stand for Security (that goes for PeopleSoft too) | Content Technologies releases MIMEsweeper PolicyPlus | Hackers Will Be Out in Full Force On New Year's Eve | Analysis of Virgin Net's Hacker Scare | Network Associates RePositions Itself as a Security E-Village | Lexiguard™: The Coming "Adobe Acrobat" of Encryption | CyberPeepers from Korean Sites Peek at U.S. Networks | Would You Hire a Hacker? What Would Your Mother Say? | @Home Scans Own Customers | CIOs Need to Be Held Accountable for Security | New Market for Security Insurance | At Least Your Boss Can't Read Your Home E-mail, Right? Wrong! | PrettyPark Virus Litters Cyberspace | Packard Bell / NEC Leads Secure Etoken Deployment | Congress Acknowledges Outdated Banking Laws | How Secure is Your E-Mail? | Trend Virus Control System - A Centralized Approach to Protection | VPNs Are Hot, but What Are They? | ATM Machines Hacked in Moscow | How To Mitigate Holiday Cybercrime | Surf's Up at Akamai |